Check If You Have DNSChanger Malware

An estimated 275,000 computers are infected by the DNSChanger malware. Users who have the five year old malware may lose their Internet connection on Monday, July 9. If access to the Internet is ok, the other scenario is, they could be redirected to another website.

So, how do you know if your computer is infected by the DNSChanger malware? There is an organization called DNS Changer Working Group (DCWG) which launched a new tool to check if your computer is infected or not.

Just go to http://www.dns-ok.us/ to check if your PC’s health.

If the box in the resulting website is green, your computer is ok. If the box is red, your computer is infected by DNSChanger. Now, it’s highly unlikely that my Ubuntu desktop contains the DNSChanger malware. Here’s the snapshot of my result.

If you have the malware, you can run any of these free tools to remove DNSChanger.

Bind: Resolve Hostnames Only

Four years ago, I wrote a tutorial on how to install DNS on your Ubuntu desktop. The tutorial still works and is valid to this day. I recently referred to that article when I installed DNS on a machine running on Ubuntu server. While going through the DNS configuration, I couln’t get the DNS to resolve to hostnames only. It’s working with a fully qualified domain name (FQDN), but not the hostname. So, here’s the simple fix to get the DNS to resolve to hostnames.

The Test

ping server  # pinging the hostname doesn't work
ping: unknown host server
 
ping server.example.com  # pinging the FQDN works
PING server.example.com (192.168.1.1) 56(84) bytes of data

The Fix

Edit /etc/resolve.conf and add this to the top of the file.

search example.com.

Restart Bind

sudo /etc/init.d/bind9 restart

Test

ping server  # now the hostname works

Google DNS Benchmarked

Last week, Google made a couple of public DNS servers available to the general public. The claim was Google’s DNS was much faster than any DNS servers available to date. Andrew Brampton ran a series of tests to determine if this claim was indeed true. He tested Google’s DNS against OpenDNS, Sky/Easynet and Plus.net domain name servers. His findings were indeed interesting.

He found that OpenDNS is still faster than Google’s DNS servers, but Google’s DNS is faster than Sky/Easynet and Plus.net. In the meantime, I’ve already set my DNS servers to Google’s. I will probable leave it there since we are only talking microseconds here. Like Andrew’s conclusions, I expect Google’s servers to be optimized and tuned in the near future. It will only get better.

Using Google Public DNS

Google just announced today a new public DNS aimed at making browsing even a faster experience. DNS or domain name servers are servers that translate domain names to IP addresses that computers can understand. Having a faster DNS can definitely make surfing the web a faster experience. In the past, I’ve used OpenDNS as an alternative to my ISP nameservers. Now Google has their own.

nameserver 8.8.8.8
nameserver 8.8.4.4

To use Google DNS.

In Windows, you can open up your network interface IP properties and enter the Google nameservers. In Linux, you can place the Google nameservers in resolv.conf. In your router, you can replace your ISP nameservers with Google’s nameservers. Complete instructions on how to use Google’s nameservers are available from Google’s website.

Google DNS was no surprise to me. It makes perfect sense. What’s next? Web hosting.

Using DIG

Dig is a powerful command line tool for querying IP addresses, DNS servers, mail exchangers, name servers or any related information. With a simple command such as dig www.domain.com from the command line, you can garner a lot of information about that domain. If you want a list mail servers, you can simply type dig www.domain.com mx. If you want a list of nameservers, you can type dig www.domain.com ns. You can do more complex searches using the dig command.

How to Setup a DNS Server in Ubuntu

Overview
Would you like to setup a DNS Server in Ubuntu? How about setting up a private internal domain name at home? Well, you’ve come to the right place. There are number of tutorials on the internet showing you how to setup a DNS Server with Ubuntu using Bind 9. So, why another how-to document? That’s a good question. I’ve decided I needed to write a simple tutorial that anyone with a little bit of Linux knowledge would be able to follow. In the process, I hope readers are also able to learn how DNS works. Ok, let’s jump right to it!

What is DNS?

First of all, let’s cover the basics. What is DNS? DNS stands for Domain Name Server. It’s a service that runs on a server that translates humanly recognizable domain names such as www.yahoo.com or www.google.com into its assigned IP addresses. If the DNS server does not recognize the domain name being requested, it will forward the domain name request to another DNS server and so on until the name is resolved.

A typical DNS request is when someone is accessing a website. Let’s use the www.yahoo.com domain as an example. When a user clicks a Yahoo link or types the Yahoo URL on the address bar of the browser, the DNS server processes the domain request. If it doesn’t find www.yahoo.com on its DNS table, it will forward the request to another DNS server with a higher authority and so on until it finds a server with the URL entry. The IP address information is then sent back to the user’s browser. If the domain name is not found, a “server not found” message is displayed on the browser.

Assumptions

Enough with the DNS background. Let’s now start configuring our own DNS server. Let’s assume that we have the following: we want to create a private internal domain name called mydomain.com, our private internal network is 192.168.0.x and our router and gateway is set at 192.168.0.1. Let’s assume all devices are going to be configured with static IP addresses. Normally, most computer systems nowadays are configured to automatically obtain IP addresses from the DHCP server/router. In this example, we will use static IP addresses to show how DNS works. Finally, we have 3 computers connected to our network:

  • Ubuntu Server, the DNS server – 192.168.0.9
  • Ubuntu Desktop – 192.168.0.10
  • PC – 192.168.0.11

Instructions

1. To install the DNS server, we need to install Bind 9.

sudo apt-get install bind9

2. Let’s configure Bind. We need to touch 5 files.

We will edit 3 files.

  • /etc/bind/named.conf.local
  • /etc/bind/named.conf.options
  • /etc/resolv.conf

We will create 2 files.

  • /etc/bind/zones/mydomain.com.db
  • /etc/bind/zones/rev.0.168.192.in-addr.arpa

A. First step. Lets add our domain zone – mydomain.com.

sudo vi /etc/bind/named.conf.local
# Our domain zone
zone "mydomain.com" {
   type master;
   file "/etc/bind/zones/mydomain.com.db";
};
 
# For reverse DNS 
zone "0.168.192.in-addr.arpa" {
   type master;
   file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

Save file. Exit.

We just created a new domain. Please note: later we will create two files named mydomain.com.db and rev.0.168.192.in-addr.arpa files. Also, notice the reverse IP address sequence in the reverse DNS section.

B. Let’s add the DNS servers from your ISP. In my case, I’m using Comcast DNS servers. You can place the primary and secondary DNS servers here separated by semicolons.

sudo vi /etc/bind/named.conf.options
forwarders {
   68.87.76.178;
};

Save file. Exit.

C. Now, let’s modify the resolv.conf file found in /etc and place the IP address of our DNS server which is set to 192.168.0.9.

$ sudo vi /etc/resolv.conf
search mydomain.com.
nameserver 192.168.0.9

D. Now, let’s define the zones.

sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/mydomain.com.db
$TTL 3D
@ IN SOA ns.mydomain.com. admin.mydomain.com. (
   2007062001
   28800
   3600
   604800
   38400
);
mydomain.com.  IN      NS         ns.mydomain.com.
ubuntudesktop  IN      A          192.168.0.10
www            IN      CNAME      ubuntudesktop
pc             IN      A          192.168.0.11
gw             IN      A          192.168.0.1
                       TXT        "Network Gateway"

The TTL or time to live is set for 3 days
The ns.mydomain.com nameserver is defined
ubuntudesktop, pc and gateway are entered as an A record
An alias of www is assigned to ubuntudesktop using CNAME

E. Let’s create a “rev.0.168.192.in-addr.arpa” file for reverse lookup.

sudo vi /etc/bind/zones/rev.0.168.192.in-addr.arpa
$TTL 3D
@       IN      SOA     ns.mydomain.com. admin.mydomain.com. (
                2007062001
                28800
                604800
                604800
                86400
)
        IN      NS      ns.mydomain.com.
1       IN      PTR     gw.mydomain.com.
10      IN      PTR     ubuntudesktop.mydomain.com.
11      IN      PTR     pc.mydomain.com.

3. Let’s restart Bind to activate our latest changes.

sudo /etc/init.d/bind9 restart

4. Finally, let’s test our new domain and DNS entries.

Dig

$ dig mydomain.com

Nslookup

nslookup gw

5. That’s it.